Jump to content

Въпрос за зловреден код

Stefan Malchev
 Share

Препоръчан пост

Stefan Malchev Новобранец

Stefan Malchev

Публикувано
Публикувано
Здравеите преди време имах проблем ПЦ-то ми не даваше да сваля антивирусна програма и т.н. също така неми се отваря и msconfig. тогава сканирах ПЦ-то с една програма ОТЛ. сега направих същото и ето резултатите....

Desktop.rar

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

СТЪПКА 1

 

 

 

Cтартирайте пак OTL и с Copy/ Paste под колонката Custom Scans/Fixes въведете скриптовия текст от текстовото поле по-долу, като не забравяте да копирате скрипта 1 към 1, както и двете точки преди първия ред на скрипта!

 

 

:OTL
PRC - C:\DOCUME~1\Choko\LOCALS~1\Temp\vjmvafr.exe File not found
PRC - C:\Documents and Settings\Choko\Local Settings\Temp\urdvjxsaszcjhtnw.exe ()
O4 - HKLM..\Run: [kjxrhxueyhmvvjfqde] C:\Documents and Settings\Choko\Local Settings\Temp\ijzvnfeqmxeprhfshklb.exe ()
O4 - HKLM..\Run: [kjxrhxueypbblfejiv] C:\DOCUME~1\Choko\LOCALS~1\Temp\urdvjxsashrpxpmp.exe File not found
O4 - HKLM..\Run: [mfnblvmqehgj] C:\WINDOWS\System32\kjxrhxueyhmvvjfqde.exe ()
O4 - HKLM..\Run: [mfnblvmqepvp]  File not found
O4 - HKCU..\Run: [mfnblvmqehgj] C:\Documents and Settings\Choko\Local Settings\Temp\kjxrhxueyhmvvjfqde.exe ()
O4 - HKCU..\Run: [mfnblvmqepvp] C:\DOCUME~1\Choko\LOCALS~1\Temp\urdvjxsashrpxpmp.exe File not found
O4 - HKCU..\Run: [plwnanhoflntqbu] C:\WINDOWS\System32\bzmfujfohptbanise.exe ()
O4 - HKCU..\Run: [plwnanhoftczgxt]  File not found
O4 - HKLM..\RunOnce: [bzmfujfohptbanise] C:\Documents and Settings\Choko\Local Settings\Temp\urdvjxsaszcjhtnw.exe ()
O4 - HKLM..\RunOnce: [lfodozrwlppto] C:\WINDOWS\System32\xzqngzzmjvdpsjiwmqsjg.exe ()
O4 - HKCU..\RunOnce: [lfodozrwlppto] C:\Documents and Settings\Choko\Local Settings\Temp\bzmfujfohptbanise.exe ()
O4 - HKCU..\RunOnce: [urdvjxsaszcjhtnw] C:\WINDOWS\System32\kjxrhxueyhmvvjfqde.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: mhrhtfyeuhplrh = xzqngzzmjdsvifhprhlne.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: phobktjmzjo = C:\DOCUME~1\Choko\LOCALS~1\Temp\bzmfujfohxihqjhlj.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: mhrhtfyeuzafbl = urdvjxsaszcjhtnw.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: phobktjmzbz = C:\DOCUME~1\Choko\LOCALS~1\Temp\urdvjxsaszcjhtnw.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O32 - AutoRun File - [2012/02/29 21:21:44 | 000,000,827 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/02/29 21:21:45 | 000,000,803 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0495204a-f274-11e0-95aa-001a92f06a8c}\Shell\AutoRun\command - "" = F:\ulrdltikwx.bat -- File not found
O33 - MountPoints2\{0495204a-f274-11e0-95aa-001a92f06a8c}\Shell\explore\Command - "" = F:\mhrhtfyeuzafbl.bat -- File not found
O33 - MountPoints2\{0495204a-f274-11e0-95aa-001a92f06a8c}\Shell\open\Command - "" = F:\mfnblvmqehgj.bat -- File not found
O33 - MountPoints2\{05033224-a3c6-11e0-9532-001a92f06a8c}\Shell\AutoRun\command - "" = F:\ulrdltikwx.bat -- File not found
O33 - MountPoints2\{05033224-a3c6-11e0-9532-001a92f06a8c}\Shell\explore\Command - "" = F:\mhrhtfyeuzafbl.bat -- File not found
O33 - MountPoints2\{05033224-a3c6-11e0-9532-001a92f06a8c}\Shell\open\Command - "" = F:\mfnblvmqehgj.bat -- File not found
O33 - MountPoints2\{2e87127a-702a-11e0-94dd-001a92f06a8c}\Shell\AutoRun\command - "" = ulrdltikwx.bat
O33 - MountPoints2\{2e87127a-702a-11e0-94dd-001a92f06a8c}\Shell\explore\Command - "" = mhrhtfyeuzafbl.bat _
O33 - MountPoints2\{2e87127a-702a-11e0-94dd-001a92f06a8c}\Shell\open\Command - "" = mfnblvmqehgj.bat _
O33 - MountPoints2\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\Shell\AutoRun\command - "" = F:\ulrdltikwx.bat -- File not found
O33 - MountPoints2\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\Shell\explore\Command - "" = F:\mhrhtfyeuzafbl.bat -- File not found
O33 - MountPoints2\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\Shell\open\Command - "" = F:\mfnblvmqehgj.bat -- File not found
[2012/02/29 22:01:08 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\yfbdbzewypctbxbupyfbdb.ewy
[2012/02/29 22:01:08 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\System32\yfbdbzewypctbxbupyfbdb.ewy
[2012/02/29 22:01:08 | 000,000,280 | -H-- | M] () -- C:\Program Files\yfbdbzewypctbxbupyfbdb.ewy
[2012/02/29 22:01:08 | 000,000,280 | -H-- | M] () -- C:\Documents and Settings\Choko\Local Settings\Application Data\yfbdbzewypctbxbupyfbdb.ewy
[2012/02/29 22:00:08 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\xzqngzzmjvdpsjiwmqsjg.exe
[2012/02/29 22:00:08 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\vvkfwnlwrbhrsheqegg.exe
[2012/02/29 22:00:08 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\orjhbvwkivervnnctybtrl.exe
[2012/02/29 22:00:08 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\ijzvnfeqmxeprhfshklb.exe
[2012/02/29 22:00:07 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\urdvjxsaszcjhtnw.exe
[2012/02/29 22:00:07 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\kjxrhxueyhmvvjfqde.exe
[2012/02/29 22:00:07 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\bzmfujfohptbanise.exe
[2012/02/29 21:21:17 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\System32\xzqngzzmjvdpsjiwmqsjg.exe
[2012/02/29 21:21:17 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\System32\vvkfwnlwrbhrsheqegg.exe
[2012/02/29 21:21:17 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\System32\orjhbvwkivervnnctybtrl.exe
[2012/02/29 21:21:17 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\System32\kjxrhxueyhmvvjfqde.exe
[2012/02/29 21:21:17 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\System32\ijzvnfeqmxeprhfshklb.exe
[2012/02/29 21:21:16 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\System32\urdvjxsaszcjhtnw.exe
[2012/02/29 21:21:16 | 000,548,864 | RHS- | M] () -- C:\WINDOWS\System32\bzmfujfohptbanise.exe
[2012/02/29 21:41:45 | 000,548,864 | RHS- | C] () -- C:\WINDOWS\xzqngzzmjvdpsjiwmqsjg.exe
[2012/02/29 21:41:45 | 000,548,864 | RHS- | C] () -- C:\WINDOWS\orjhbvwkivervnnctybtrl.exe
[2012/02/29 21:41:44 | 000,548,864 | RHS- | C] () -- C:\WINDOWS\vvkfwnlwrbhrsheqegg.exe
[2012/02/29 21:41:44 | 000,548,864 | RHS- | C] () -- C:\WINDOWS\urdvjxsaszcjhtnw.exe
[2012/02/29 21:41:44 | 000,548,864 | RHS- | C] () -- C:\WINDOWS\kjxrhxueyhmvvjfqde.exe
[2012/02/29 21:41:44 | 000,548,864 | RHS- | C] () -- C:\WINDOWS\ijzvnfeqmxeprhfshklb.exe
[2012/02/29 21:41:44 | 000,548,864 | RHS- | C] () -- C:\WINDOWS\bzmfujfohptbanise.exe
[2011/04/20 18:44:15 | 000,004,248 | -H-- | C] () -- C:\Program Files\phobktjmzbzbubquaumtgpyoregegzgvz.zry
[2011/04/20 18:44:15 | 000,004,248 | -H-- | C] () -- C:\Documents and Settings\Choko\Local Settings\Application Data\phobktjmzbzbubquaumtgpyoregegzgvz.zry
[2011/04/20 18:44:14 | 000,000,280 | -H-- | C] () -- C:\Program Files\yfbdbzewypctbxbupyfbdb.ewy
[2011/04/20 18:44:14 | 000,000,280 | -H-- | C] () -- C:\Documents and Settings\Choko\Local Settings\Application Data\yfbdbzewypctbxbupyfbdb.ewy
[2011/04/20 18:17:30 | 000,004,248 | -H-- | C] () -- C:\Program Files\lfodozrwlxezetnnhplfodozrwlxezetnnh.lfo
[2011/04/20 18:17:30 | 000,004,248 | -H-- | C] () -- C:\Documents and Settings\Choko\Local Settings\Application Data\lfodozrwlxezetnnhplfodozrwlxezetnnh.lfo
[2011/04/20 18:17:29 | 000,000,280 | -H-- | C] () -- C:\Program Files\cljnnnuostpztxgvebmvtxxx.ycd
[2011/04/20 18:17:29 | 000,000,280 | -H-- | C] () -- C:\Documents and Settings\Choko\Local Settings\Application Data\cljnnnuostpztxgvebmvtxxx.ycd
[2011/04/20 18:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Choko\Application Data\OpenCandy
[2012/02/29 21:21:44 | 000,000,827 | ---- | M] () -- C:\autorun.inf
[2009/03/17 06:17:49 | 000,548,864 | ---- | M] () -- C:\mfnblvmqehgj.bat
[2009/03/20 04:31:24 | 000,548,864 | ---- | M] () -- C:\mhrhtfyeuzafbl.bat
[2009/04/20 08:23:27 | 000,548,864 | ---- | M] () -- C:\ulrdltikwx.bat
:files
C:\DOCUME~1\Choko\LOCALS~1\Temp\vjmvafr.exe
C:\Documents and Settings\Choko\Local Settings\Temp\urdvjxsaszcjhtnw.exe
D:\*.bat
C:\RECYCLER
D:\RECYCLER
:commands
[emptytemp]

 

След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: http://store.picbg.net/pubpic/31/0E/045f5994a44b310e.png

Ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

 

PS: Ако не се появи лог файл, отворете папката C:\_OTL\MovedFiles отворете лог файла и публикувайте съдържанието му в следващия си пост.

 

 

 

 

СТЪПКА 2

  • Изтеглете Malwarebytes' Anti-Malware оттук и я инсталирайте.
  • Стартирайте Malwarebytes' Anti-Malware и отидете на UPDATE и натиснете Check for updates.
  • След това се върнете на Scanner изберете Perform FULL Scan, след това кликнете на Scan.
  • Сканирането ще отнеме малко време, затова моля бъдете търпеливи.
  • Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.
  • Уверете се, че на всички редове има отметки, и кликнете Remove Selected.
  • Когато всичко бъде премахнато, логът ще бъде отворен в Notepad. Копирайте лога и го публикувайте в следващия си коментар в темата.

Забележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

 

 

Поздрави !

Link to comment
Сподели другаде
Stefan Malchev Новобранец

Stefan Malchev

Публикувано
  • Author
Публикувано

има проблем изписва ми File not found и ПЦ-то блокира

 

All processes killed

========== OTL ==========

No active process named urdvjxsaszcjhtnw.exe was found!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kjxrhxueyhmvvjfqde deleted successfully.

C:\Documents and Settings\Choko\Local Settings\Temp\ijzvnfeqmxeprhfshklb.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mfnblvmqehgj deleted successfully.

C:\WINDOWS\system32\kjxrhxueyhmvvjfqde.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mfnblvmqehgj deleted successfully.

C:\Documents and Settings\Choko\Local Settings\Temp\kjxrhxueyhmvvjfqde.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\plwnanhoflntqbu deleted successfully.

C:\WINDOWS\system32\bzmfujfohptbanise.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\bzmfujfohptbanise deleted successfully.

C:\Documents and Settings\Choko\Local Settings\Temp\urdvjxsaszcjhtnw.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lfodozrwlppto deleted successfully.

C:\WINDOWS\system32\xzqngzzmjvdpsjiwmqsjg.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lfodozrwlppto deleted successfully.

C:\Documents and Settings\Choko\Local Settings\Temp\bzmfujfohptbanise.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\urdvjxsaszcjhtnw deleted successfully.

File C:\WINDOWS\System32\kjxrhxueyhmvvjfqde.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\mhrhtfyeuhplrh deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\phobktjmzjo deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\mhrhtfyeuzafbl deleted successfully.

C:\WINDOWS\System32\urdvjxsaszcjhtnw.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\phobktjmzbz deleted successfully.

File C:\DOCUME~1\Choko\LOCALS~1\Temp\urdvjxsaszcjhtnw.exe not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

C:\autorun.inf moved successfully.

D:\autorun.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0495204a-f274-11e0-95aa-001a92f06a8c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0495204a-f274-11e0-95aa-001a92f06a8c}\ not found.

File F:\ulrdltikwx.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0495204a-f274-11e0-95aa-001a92f06a8c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0495204a-f274-11e0-95aa-001a92f06a8c}\ not found.

File F:\mhrhtfyeuzafbl.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0495204a-f274-11e0-95aa-001a92f06a8c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0495204a-f274-11e0-95aa-001a92f06a8c}\ not found.

File F:\mfnblvmqehgj.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05033224-a3c6-11e0-9532-001a92f06a8c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05033224-a3c6-11e0-9532-001a92f06a8c}\ not found.

File F:\ulrdltikwx.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05033224-a3c6-11e0-9532-001a92f06a8c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05033224-a3c6-11e0-9532-001a92f06a8c}\ not found.

File F:\mhrhtfyeuzafbl.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05033224-a3c6-11e0-9532-001a92f06a8c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05033224-a3c6-11e0-9532-001a92f06a8c}\ not found.

File F:\mfnblvmqehgj.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e87127a-702a-11e0-94dd-001a92f06a8c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e87127a-702a-11e0-94dd-001a92f06a8c}\ not found.

File ulrdltikwx.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e87127a-702a-11e0-94dd-001a92f06a8c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e87127a-702a-11e0-94dd-001a92f06a8c}\ not found.

File mhrhtfyeuzafbl.bat _ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e87127a-702a-11e0-94dd-001a92f06a8c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e87127a-702a-11e0-94dd-001a92f06a8c}\ not found.

File mfnblvmqehgj.bat _ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\ not found.

File F:\ulrdltikwx.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\ not found.

File F:\mhrhtfyeuzafbl.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3244d1e-8f60-11e0-9511-001a92f06a8c}\ not found.

File F:\mfnblvmqehgj.bat not found.

C:\WINDOWS\yfbdbzewypctbxbupyfbdb.ewy moved successfully.

C:\WINDOWS\system32\yfbdbzewypctbxbupyfbdb.ewy moved successfully.

C:\Program Files\yfbdbzewypctbxbupyfbdb.ewy moved successfully.

C:\Documents and Settings\Choko\Local Settings\Application Data\yfbdbzewypctbxbupyfbdb.ewy moved successfully.

C:\WINDOWS\xzqngzzmjvdpsjiwmqsjg.exe moved successfully.

C:\WINDOWS\vvkfwnlwrbhrsheqegg.exe moved successfully.

C:\WINDOWS\orjhbvwkivervnnctybtrl.exe moved successfully.

C:\WINDOWS\ijzvnfeqmxeprhfshklb.exe moved successfully.

C:\WINDOWS\urdvjxsaszcjhtnw.exe moved successfully.

C:\WINDOWS\kjxrhxueyhmvvjfqde.exe moved successfully.

C:\WINDOWS\bzmfujfohptbanise.exe moved successfully.

File C:\WINDOWS\System32\xzqngzzmjvdpsjiwmqsjg.exe not found.

C:\WINDOWS\system32\vvkfwnlwrbhrsheqegg.exe moved successfully.

C:\WINDOWS\system32\orjhbvwkivervnnctybtrl.exe moved successfully.

File C:\WINDOWS\System32\kjxrhxueyhmvvjfqde.exe not found.

C:\WINDOWS\system32\ijzvnfeqmxeprhfshklb.exe moved successfully.

File C:\WINDOWS\System32\urdvjxsaszcjhtnw.exe not found.

File C:\WINDOWS\System32\bzmfujfohptbanise.exe not found.

File C:\WINDOWS\xzqngzzmjvdpsjiwmqsjg.exe not found.

File C:\WINDOWS\orjhbvwkivervnnctybtrl.exe not found.

File C:\WINDOWS\vvkfwnlwrbhrsheqegg.exe not found.

File C:\WINDOWS\urdvjxsaszcjhtnw.exe not found.

File C:\WINDOWS\kjxrhxueyhmvvjfqde.exe not found.

File C:\WINDOWS\ijzvnfeqmxeprhfshklb.exe not found.

File C:\WINDOWS\bzmfujfohptbanise.exe not found.

C:\Program Files\phobktjmzbzbubquaumtgpyoregegzgvz.zry moved successfully.

C:\Documents and Settings\Choko\Local Settings\Application Data\phobktjmzbzbubquaumtgpyoregegzgvz.zry moved successfully.

File C:\Program Files\yfbdbzewypctbxbupyfbdb.ewy not found.

File C:\Documents and Settings\Choko\Local Settings\Application Data\yfbdbzewypctbxbupyfbdb.ewy not found.

C:\Program Files\lfodozrwlxezetnnhplfodozrwlxezetnnh.lfo moved successfully.

C:\Documents and Settings\Choko\Local Settings\Application Data\lfodozrwlxezetnnhplfodozrwlxezetnnh.lfo moved successfully.

C:\Program Files\cljnnnuostpztxgvebmvtxxx.ycd moved successfully.

C:\Documents and Settings\Choko\Local Settings\Application Data\cljnnnuostpztxgvebmvtxxx.ycd moved successfully.

C:\Documents and Settings\Choko\Application Data\OpenCandy\OpenCandy_CFAA0C9E4CCF4DAEAFABC5A39B3BA826 folder moved successfully.

C:\Documents and Settings\Choko\Application Data\OpenCandy folder moved successfully.

File C:\autorun.inf not found.

C:\mfnblvmqehgj.bat moved successfully.

C:\mhrhtfyeuzafbl.bat moved successfully.

C:\ulrdltikwx.bat moved successfully.

========== FILES ==========

C:\DOCUME~1\Choko\LOCALS~1\Temp\vjmvafr.exe moved successfully.

File\Folder C:\Documents and Settings\Choko\Local Settings\Temp\urdvjxsaszcjhtnw.exe not found.

D:\mfnblvmqehgj.bat moved successfully.

D:\mhrhtfyeuzafbl.bat moved successfully.

D:\ulrdltikwx.bat moved successfully.

C:\RECYCLER\S-1-5-21-1960408961-1409082233-1606980848-1003 folder moved successfully.

C:\RECYCLER folder moved successfully.

D:\RECYCLER\S-1-5-21-790525478-1757981266-1417001333-500 folder moved successfully.

D:\RECYCLER\S-1-5-21-725345543-1960408961-1177238915-1004 folder moved successfully.

D:\RECYCLER\S-1-5-21-515967899-602162358-1606980848-1004 folder moved successfully.

D:\RECYCLER\S-1-5-21-515967899-602162358-1606980848-1003 folder moved successfully.

D:\RECYCLER\S-1-5-21-484763869-1060284298-1417001333-1003 folder moved successfully.

D:\RECYCLER\S-1-5-21-1960408961-1409082233-1606980848-1003 folder moved successfully.

D:\RECYCLER folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Choko

->Temp folder emptied: 2853096 bytes

->Temporary Internet Files folder emptied: 114578 bytes

->Google Chrome cache emptied: 7671918 bytes

->Flash cache emptied: 2281 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 255 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 10.00 mb

 

 

OTL by OldTimer - Version 3.2.17.3 log created on 03012012_212259

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

Link to comment
Сподели другаде

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гост
Отговори на тази тема

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   Не можете да качите директно снимка. Качете или добавете изображението от линк (URL)

Loading...
×
 Share
Иди на предишната тема
×
×
  • Създай ново...